In a Security Services Platform (SSP) 5.1.1 environment integrated with NSX 4.2.1, the following symptoms are observed:

• The SSP UI reports both Inventory Sync and Infrastructure Sync as DOWN.
• The SSP site fails to reach a READY state and remains stuck in onboarding.
• nsxapi.log shows the below error :
  
  A certificate batch replace operation cannot be started at this time because conflicting operations are running: TRANSPORT_NODE_ONBOARDING_IN_PROGRESS. Try again later. (Error code: 2190)

SSP Version: 5.1.1

The issue is caused by Standalone Transport Nodes (TNs) or TNs part of the cluster becoming stuck in an inconsistent lifecycle state, specifically UNINSTALL_FAILED with a HOST_DISCONNECTED status. This typically occurs due to an incomplete NSX removal or a loss of heartbeat between the manager and the host.

Because these nodes are in a transitional state, NSX incorrectly treats the onboarding process as still "in-progress." This locks the system and prevents the certificate replacement operations required for the SSP-NSX handshake.

To resolve the sync failure, you must forcefully clear the stale Transport Node entries:

Identify Affected Hosts:

Log in to the NSX Manager UI.
Navigate to System → Fabric → Hosts → Standalone.
Identify any hosts listed with the status UNINSTALL_FAILED or HOST_DISCONNECTED under Hosts or Nodes.

Note: If any host Transport node part of cluster is stuck in similar state, remove from the cluster and proceed to next steps .

Force Remove NSX:

Select the affected host(s).
Click Delete NSX or Remove NSX.
When prompted, select the Force Remove option.

Verify Restoration:

Confirm the host is successfully removed from the NSX inventory.
The NSX Manager will now allow certificate replacement to proceed.
The SSP site-service will automatically retry the connection, and the site status should transition to READY.